qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/mm
History
Jarod Wilson 462b3c3473 Merge: mm/hugetlb: fixes for split races 
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/7125

JIRA: https://issues.redhat.com/browse/RHEL-101247
JIRA: https://issues.redhat.com/browse/RHEL-101283
CVE: CVE-2025-38084
CVE: CVE-2025-38085

Currently, __split_vma() triggers hugetlb page table unsharing through
vm_ops->may_split(). This happens before the VMA lock and rmap locks are
taken - which is too early, it allows racing VMA-locked page faults in our
process and racing rmap walks from other processes to cause page tables to
be shared again before we actually perform the split.

Omitted-fix: 918850c13608 ("tools/testing/vma: add missing function stub")

Signed-off-by: Rafael Aquini <raquini@redhat.com>

Approved-by: Waiman Long <longman@redhat.com>
Approved-by: Luiz Capitulino <luizcap@redhat.com>
Approved-by: CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com>

Merged-by: Jarod Wilson <jarod@redhat.com>
 		2025-08-18 07:22:03 -07:00
..
damon mm/damon/sysfs-schemes: handle tried region directory allocation failure 2025-04-18 08:39:48 -04:00
kasan kasan: make kasan_record_aux_stack_noalloc() the default behaviour 2025-06-24 15:57:48 -04:00
kfence kfence: Defer the assignment of the local variable addr 2024-10-01 11:22:13 -04:00
kmsan kmsan: do not wipe out origin when doing partial unpoisoning 2024-12-09 12:25:12 -05:00
Kconfig mm: introduce ARCH_SUPPORTS_HUGE_PFNMAP and special bits to pmd/pud 2025-03-26 22:00:44 -04:00
Kconfig.debug mm: page_table_check: Make it dependent on EXCLUSIVE_SYSTEM_RAM 2024-07-16 09:30:15 -04:00
Makefile mm: memcg: introduce memcontrol-v1.c 2025-04-28 19:13:10 +01:00
backing-dev.c writeback: remove redundant checks for root memcg 2024-10-01 11:21:33 -04:00
balloon_compaction.c
bootmem_info.c bootmem: use kmemleak_free_part_phys in put_page_bootmem 2024-12-09 12:22:59 -05:00
cma.c mm/cma: drop incorrect alignment check in cma_init_reserved_mem 2024-12-09 12:25:04 -05:00
cma.h
cma_debug.c
cma_sysfs.c
compaction.c mm/compaction: fix UBSAN shift-out-of-bounds warning 2025-04-18 08:40:01 -04:00
debug.c Merge: Enable shadow stack 2025-04-29 18:49:26 -03:00
debug_page_alloc.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
debug_page_ref.c
debug_vm_pgtable.c mm/debug_vm_pgtable: drop RANDOM_ORVALUE trick 2024-12-09 12:25:15 -05:00
dmapool.c
dmapool_test.c
early_ioremap.c mm/early_ioremap.c: improve the execution efficiency of early_ioremap_setup() 2024-09-05 20:36:27 -04:00
fadvise.c Revert "mm: support POSIX_FADV_NOREUSE" 2025-03-04 09:24:02 -05:00
fail_page_alloc.c fault-inject: improve build for CONFIG_FAULT_INJECTION=n 2024-12-17 22:59:23 +01:00
failslab.c fault-inject: improve build for CONFIG_FAULT_INJECTION=n 2024-12-17 22:59:23 +01:00
filemap.c Merge: [RHEL 9.7] IOMMU and DMA Mapping API subsystem updates 2025-05-09 16:20:06 -03:00
folio-compat.c filemap: Add fgf_t typedef 2024-07-12 12:34:59 -04:00
gup.c mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" 2025-07-03 23:06:50 +00:00
gup_test.c mm/gup_test.c: convert verify_dma_pinned() to us folios 2024-09-05 20:36:57 -04:00
gup_test.h
highmem.c x86/kexec: use pr_err() instead of kexec_dprintk() when an error occurs 2024-12-23 09:35:34 +08:00
hmm.c mm: ptep_get() conversion 2024-09-05 20:36:52 -04:00
huge_memory.c mm/huge_memory: fix dereferencing invalid pmd migration entry 2025-06-13 20:30:37 -04:00
hugetlb.c mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race 2025-07-14 08:31:42 -04:00
hugetlb_cgroup.c
hugetlb_vmemmap.c mm: ptep_get() conversion 2024-09-05 20:36:52 -04:00
hugetlb_vmemmap.h
hwpoison-inject.c
init-mm.c mm: move dummy_vm_ops out of a header 2024-10-01 11:17:40 -04:00
internal.h Merge: mm/gup, udmabuf: Complete memfd_pin_folios() for pinning memfd folios 2025-05-26 10:33:39 +02:00
interval_tree.c
io-mapping.c
ioremap.c mm: ioremap: remove unneeded ioremap_allowed and iounmap_allowed 2024-10-01 11:17:53 -04:00
khugepaged.c mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma 2025-04-18 08:39:57 -04:00
kmemleak.c Merge: [RHEL 9.7] IOMMU and DMA Mapping API subsystem updates 2025-05-09 16:20:06 -03:00
ksm.c mm/ksm: fix ksm_zero_pages accounting 2024-10-01 11:22:31 -04:00
list_lru.c mm: list_lru: fix UAF for memory cgroup 2024-09-10 09:15:37 -04:00
maccess.c
madvise.c mm,madvise,hugetlb: check for 0-length range after end address adjustment 2025-04-18 08:39:56 -04:00
mapping_dirty_helpers.c mm: fix clean_record_shared_mapping_range kernel-doc 2024-10-01 11:21:58 -04:00
memblock.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
memcontrol-v1.c mm: memcg: move soft limit reclaim code to memcontrol-v1.c 2025-04-28 19:13:10 +01:00
memcontrol-v1.h mm: memcg: move soft limit reclaim code to memcontrol-v1.c 2025-04-28 19:13:10 +01:00
memcontrol.c mm: memcg: move soft limit reclaim code to memcontrol-v1.c 2025-04-28 19:13:10 +01:00
memfd.c mm/hugetlb: simplify refs in memfd_alloc_folio 2025-04-03 09:22:45 -07:00
memory-failure.c mm: record the migration reason for struct migration_target_control 2025-05-04 19:20:11 -04:00
memory-tiers.c memory tiers: use default_dram_perf_ref_source in log message 2024-12-09 12:25:43 -05:00
memory.c mm: use folio_xchg_last_cpupid() in wp_page_reuse() 2025-04-28 11:26:55 +01:00
memory_hotplug.c Merge: Refresh s390x subsystem, enable virtio-mem support on s390x and dynamic update of vfio-ap mediated devices 2025-06-23 11:03:03 -03:00
mempolicy.c mm: hugetlb: make the hugetlb migration strategy consistent 2025-05-06 12:00:30 -04:00
mempool.c mempool: introduce mempool_use_prealloc_only 2024-11-28 16:18:44 -05:00
memremap.c
memtest.c mm: memtest: convert to memtest_report_meminfo() 2024-10-01 11:21:31 -04:00
migrate.c Merge: cgroup: Backport upstream cgroup commits up to v6.12 2025-05-26 10:33:48 +02:00
migrate_device.c mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() 2025-04-18 08:40:06 -04:00
mincore.c fs: port inode_owner_or_capable() to mnt_idmap 2024-10-16 10:45:27 +08:00
mlock.c mm/mlock: set the correct prev on failure 2024-12-09 12:25:57 -05:00
mm_init.c mm/mm_init.c: print mem_init info after defer_init is done 2025-03-31 12:16:36 -04:00
mm_slot.h
mmap.c Merge: mm/hugetlb: fixes for split races 2025-08-18 07:22:03 -07:00
mmap_lock.c mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer 2024-12-09 12:25:20 -05:00
mmu_gather.c mm: fix kernel-doc warning from tlb_flush_rmaps() 2024-10-01 11:21:56 -04:00
mmu_notifier.c
mmzone.c mm: remove page_cpupid_xchg_last() 2025-04-28 19:12:47 +01:00
mprotect.c mm: mprotect: use a folio in change_pte_range() 2025-04-28 11:26:52 +01:00
mremap.c mm: fix copy_vma() error handling for hugetlb mappings 2025-07-14 08:31:41 -04:00
msync.c
nommu.c nommu: pass NULL argument to vma_iter_prealloc() 2025-04-18 08:39:54 -04:00
oom_kill.c mm: remove redundant K() macro definition 2024-10-01 11:20:53 -04:00
page-writeback.c mm/writeback: update filemap_dirty_folio() comment 2024-12-09 12:22:29 -05:00
page_alloc.c mm: record the migration reason for struct migration_target_control 2025-05-04 19:20:11 -04:00
page_counter.c
page_ext.c mm/page_ext: move functions around for minor cleanups to page_ext 2024-10-01 11:19:00 -04:00
page_idle.c
page_io.c mm: ignore data-race in __swap_writepage 2024-12-09 12:25:26 -05:00
page_isolation.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
page_owner.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
page_poison.c mm/page_poison: remove unused page_ext.h from page_poison 2024-10-01 11:19:03 -04:00
page_reporting.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
page_reporting.h
page_table_check.c mm/page_table_check: support userfault wr-protect entries 2024-12-09 12:25:08 -05:00
page_vma_mapped.c mm: correct stale comment of function check_pte 2024-10-01 11:18:02 -04:00
pagewalk.c
percpu-internal.h Merge: percpu-internal/pcpu_chunk: re-layout pcpu_chunk structure to reduce false sharing 2024-05-27 13:49:28 +00:00
percpu-km.c
percpu-stats.c
percpu-vm.c
percpu.c percpu: scoped objcg protection 2024-12-09 12:22:58 -05:00
pgalloc-track.h
pgtable-generic.c mm: fix race between __split_huge_pmd_locked() and GUP-fast 2024-12-09 12:25:09 -05:00
process_vm_access.c Merge: Rebase kexec/kdump to upstream kernel v6.5 2024-05-27 13:52:25 +00:00
ptdump.c mm: ptdump should use ptep_get_lockless() 2024-09-05 20:36:47 -04:00
readahead.c mm: support order-1 folios in the page cache 2024-12-09 12:24:28 -05:00
rmap.c Revert "mm: add vma_has_recency()" 2025-03-06 16:13:44 -05:00
rodata_test.c
secretmem.c secretmem: disable memfd_secret() if arch cannot set direct map 2024-12-09 12:25:44 -05:00
shmem.c shmem: document how to "persist" data when using shmem_*file_setup 2025-07-10 21:49:44 -05:00
shmem_quota.c tmpfs: fix race on handling dquot rbtree 2024-07-17 07:49:46 +02:00
show_mem.c mm, treewide: introduce NR_PAGE_ORDERS 2024-12-09 12:24:14 -05:00
shrinker.c mm: shrinker: add infrastructure for dynamically allocating shrinker 2024-10-01 11:22:25 -04:00
shrinker_debug.c saner replacement for debugfs_rename() 2025-06-02 13:41:52 +02:00
shuffle.c
shuffle.h mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
slab.c Merge: io_uring: Update to upstream v6.10 + fixes 2025-01-13 18:58:47 +00:00
slab.h mm/slub: Avoid list corruption when removing a slab from the full list 2025-01-08 18:16:46 -05:00
slab_common.c mm: krealloc: Fix MTE false alarm in __do_krealloc 2024-12-09 12:25:55 -05:00
slub.c Merge: mm/slub: Avoid list corruption when removing a slab from the full list 2025-01-14 14:18:33 +00:00
sparse-vmemmap.c mm/vmemmap: allow architectures to override how vmemmap optimization works 2024-10-01 11:19:45 -04:00
sparse.c mm/memory_hotplug: introduce MEM_PREPARE_ONLINE/MEM_FINISH_OFFLINE notifiers 2025-05-12 13:03:03 +02:00
swap.c mm: page_alloc: move mlocked flag clearance into free_pages_prepare() 2024-12-09 12:25:59 -05:00
swap.h mm: convert swap_cluster_readahead and swap_vma_readahead to return a folio 2024-12-09 12:24:09 -05:00
swap_cgroup.c
swap_slots.c
swap_state.c mm/swap_state: update zswap LRU's protection range with the folio locked 2024-12-09 12:24:21 -05:00
swapfile.c mm/swapfile: skip HugeTLB pages for unuse_vma 2024-12-09 12:25:48 -05:00
truncate.c mm: Fix missing folio invalidation calls during truncation 2024-12-09 12:25:34 -05:00
usercopy.c
userfaultfd.c mm/userfaultfd: Do not place zeropages when zeropages are disallowed 2024-10-30 11:41:14 +01:00
util.c Revert "mm: fix BUG splat with kvmalloc + GFP_ATOMIC" 2025-07-02 15:38:08 -04:00
vmalloc.c smb: client: improve compound padding in encryption 2025-01-28 10:33:17 -03:00
vmpressure.c net-memcg: Fix scope of sockmem pressure indicators 2024-10-01 11:21:42 -04:00
vmscan.c Merge: mm/gup, udmabuf: Complete memfd_pin_folios() for pinning memfd folios 2025-05-26 10:33:39 +02:00
vmstat.c mm, treewide: rename MAX_ORDER to MAX_PAGE_ORDER 2024-12-09 12:24:17 -05:00
workingset.c mm: move mapping_set_update out of <linux/swap.h> 2025-04-18 08:39:56 -04:00
z3fold.c mm/z3fold: remove obsolete comment for struct z3fold_pool 2024-10-01 11:21:44 -04:00
zbud.c mm: zswap: remove shrink from zpool interface 2024-06-28 12:24:02 -04:00
zpool.c mm: zswap: remove shrink from zpool interface 2024-06-28 12:24:02 -04:00
zsmalloc.c minmax: make generic MIN() and MAX() macros available everywhere 2024-11-18 10:30:14 -03:00
zswap.c mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() 2025-05-19 09:32:27 -04:00